<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 5.4.0">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">



<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.3/css/all.min.css">
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/animate.css@3.1.1/animate.min.css">

<script class="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"iyue.top","root":"/","images":"/images","scheme":"Muse","version":"8.3.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12},"copycode":false,"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"fadeInDown","post_body":"fadeInDown","coll_header":"fadeInLeft","sidebar":"fadeInUp"}},"prism":false,"i18n":{"placeholder":"搜索...","empty":"没有找到任何搜索结果：${query}","hits_time":"找到 ${hits} 个搜索结果（用时 ${time} 毫秒）","hits":"找到 ${hits} 个搜索结果"}};
  </script>
<meta name="description" content="引言针对前端安全，主要有XSS跨站脚本攻击，CSRF跨站伪造请求，SQL注入等，今天主要讨论下关于前两种 XSS跨站脚本攻击更多具体详细的解释可以查看XSS（跨站脚本攻击）的最全总结 XSS攻击通常被分为两类：存储型和反射型。还有第三类，和基于DOM的xss；下面我们不说定义直接看看怎么操作  反射型  一般有搜索框的网站，在搜索东西的时候会在结果页呈现你搜索的字符； 比如你搜索笔记本电脑，网站会">
<meta property="og:type" content="article">
<meta property="og:title" content="XSS与CSRF">
<meta property="og:url" content="http://iyue.top/2018/09/07/XXS%E4%B8%8ECSRF/index.html">
<meta property="og:site_name" content="山外小楼">
<meta property="og:description" content="引言针对前端安全，主要有XSS跨站脚本攻击，CSRF跨站伪造请求，SQL注入等，今天主要讨论下关于前两种 XSS跨站脚本攻击更多具体详细的解释可以查看XSS（跨站脚本攻击）的最全总结 XSS攻击通常被分为两类：存储型和反射型。还有第三类，和基于DOM的xss；下面我们不说定义直接看看怎么操作  反射型  一般有搜索框的网站，在搜索东西的时候会在结果页呈现你搜索的字符； 比如你搜索笔记本电脑，网站会">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2018-09-07T12:18:20.000Z">
<meta property="article:modified_time" content="2021-04-27T08:41:57.636Z">
<meta property="article:author" content="萌新">
<meta property="article:tag" content="XSS">
<meta property="article:tag" content="CSRF">
<meta name="twitter:card" content="summary">


<link rel="canonical" href="http://iyue.top/2018/09/07/XXS%E4%B8%8ECSRF/">


<script class="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'zh-CN'
  };
</script>
<title>XSS与CSRF | 山外小楼</title>
  




  <noscript>
  <style>
  body { margin-top: 2rem; }

  .use-motion .menu-item,
  .use-motion .sidebar,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header {
    visibility: visible;
  }

  .use-motion .header,
  .use-motion .site-brand-container .toggle,
  .use-motion .footer { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle,
  .use-motion .custom-logo-image {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line {
    transform: scaleX(1);
  }

  .search-pop-overlay, .sidebar-nav { display: none; }
  .sidebar-panel { display: block; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage" class="use-motion">
  <div class="headband"></div>

  <main class="main">
    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏" role="button">
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <i class="logo-line"></i>
      <h1 class="site-title">山外小楼</h1>
      <i class="logo-line"></i>
    </a>
      <p class="site-subtitle" itemprop="description">前端攻略</p>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger">
    </div>
  </div>
</div>







</div>
        
  
  <div class="toggle sidebar-toggle" role="button">
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
  </div>

  <aside class="sidebar">

    <div class="sidebar-inner sidebar-nav-active sidebar-toc-active">
      <ul class="sidebar-nav">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <div class="sidebar-panel-container">
        <!--noindex-->
        <div class="post-toc-wrap sidebar-panel">
            <div class="post-toc animated"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#%E5%BC%95%E8%A8%80"><span class="nav-number">1.</span> <span class="nav-text">引言</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#XSS%E8%B7%A8%E7%AB%99%E8%84%9A%E6%9C%AC%E6%94%BB%E5%87%BB"><span class="nav-number">2.</span> <span class="nav-text">XSS跨站脚本攻击</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#CSRF"><span class="nav-number">3.</span> <span class="nav-text">CSRF</span></a></li></ol></div>
        </div>
        <!--/noindex-->

        <div class="site-overview-wrap sidebar-panel">
          <div class="site-author site-overview-item animated" itemprop="author" itemscope itemtype="http://schema.org/Person">
  <p class="site-author-name" itemprop="name">萌新</p>
  <div class="site-description" itemprop="description">我是萌新</div>
</div>
<div class="site-state-wrap site-overview-item animated">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives">
          <span class="site-state-item-count">21</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
            <a href="/categories/">
        <span class="site-state-item-count">1</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
            <a href="/tags/">
        <span class="site-state-item-count">15</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>



        </div>
      </div>
    </div>
  </aside>
  <div class="sidebar-dimmer"></div>


    </header>

    
  <div class="back-to-top" role="button" aria-label="返回顶部">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>

<noscript>
  <div class="noscript-warning">Theme NexT works best with JavaScript enabled</div>
</noscript>


    <div class="main-inner post posts-expand">


  


<div class="post-block">
  
  

  <article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="http://iyue.top/2018/09/07/XXS%E4%B8%8ECSRF/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.gif">
      <meta itemprop="name" content="萌新">
      <meta itemprop="description" content="我是萌新">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="山外小楼">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          XSS与CSRF
        </h1>

        <div class="post-meta-container">
          <div class="post-meta">
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar"></i>
      </span>
      <span class="post-meta-item-text">发表于</span>

      <time title="创建时间：2018-09-07 20:18:20" itemprop="dateCreated datePublished" datetime="2018-09-07T20:18:20+08:00">2018-09-07</time>
    </span>
      <span class="post-meta-item">
        <span class="post-meta-item-icon">
          <i class="far fa-calendar-check"></i>
        </span>
        <span class="post-meta-item-text">更新于</span>
        <time title="修改时间：2021-04-27 16:41:57" itemprop="dateModified" datetime="2021-04-27T16:41:57+08:00">2021-04-27</time>
      </span>

  
</div>

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">
        <h2 id="引言"><a href="#引言" class="headerlink" title="引言"></a>引言</h2><p>针对前端安全，主要有XSS跨站脚本攻击，CSRF跨站伪造请求，SQL注入等，今天主要讨论下关于前两种</p>
<h2 id="XSS跨站脚本攻击"><a href="#XSS跨站脚本攻击" class="headerlink" title="XSS跨站脚本攻击"></a>XSS跨站脚本攻击</h2><p>更多具体详细的解释可以查看<a target="_blank" rel="noopener" href="https://www.cnblogs.com/aware-why/p/5845202.html">XSS（跨站脚本攻击）的最全总结</a></p>
<p>XSS攻击通常被分为两类：存储型和反射型。还有第三类，和基于DOM的xss；下面我们不说定义直接看看怎么操作</p>
<ol>
<li>反射型</li>
</ol>
<p>一般有搜索框的网站，在搜索东西的时候会在结果页呈现你搜索的字符；</p>
<p>比如你搜索<code>笔记本电脑</code>，网站会提示<code>你搜索“笔记本电脑”的结果如下</code>，这说明用户的输入在页面上有了呈现；那么我们输入一段恶意脚本，也许也会原样输出执行，比如我们输入</p>
<figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">&lt;script&gt;alert(<span class="number">1</span>)&lt;/script&gt;</span><br></pre></td></tr></table></figure>
<p>恶意代码就是你可以放一段脚本，比较加入一个js文件请求，在js代码里来获取cookie等用户信息，并发送给自己；但用户并不会自己输入恶意脚本，那么就通过邮件等方式，让用户点击搜索结果连接，以达到脚本注入的目的；</p>
<p>当然基本上没什么网站会有这么明显的漏洞，这里只是演示说如何实现反射型攻击。</p>
<ol start="2">
<li>存储型</li>
</ol>
<p>这种一般常出现在用户可输入，然后在网站动态展示，大家都能看到的网站，如微博，社区，评论等地方；常见的做法就是发一段脚本到输入区，网站会记录下来并动态的渲染在页面上，只要访问的用户都能看到；由于这种情形注入的脚本被写到了服务器数据库中，所以叫存储型攻击；</p>
<ol start="3">
<li>基于DOM</li>
</ol>
<p>这种攻击的前提是易受攻击的网站有一个HTML页面采用不安全的方式从document.location 或document.URL 或 document.referrer获取数据（或者任何其他攻击者可以修改的对象），也就是说恶意代码直接来自这些可任意被修改的对象；详细可查看<a target="_blank" rel="noopener" href="https://www.oschina.net/translate/dom-based-xss-of-third-kind">基于 DOM 的第三类跨站脚本 XSS</a></p>
<p>如上，一般只要这个网站某个页面将用户的输入包含在它生成的动态输出页面中并且未经验证或编码转义，这个缺陷就存在。</p>
<ol start="4">
<li><p>防范方法</p>
<ol>
<li>所有前端的页面渲染，尽量使用ajax异步进行，从后台获取要显示的数据。</li>
<li>前端提交过来的数据，在后台入口处统统对HTML中的关键字进行html编码转义。</li>
</ol>
</li>
</ol>
<h2 id="CSRF"><a href="#CSRF" class="headerlink" title="CSRF"></a>CSRF</h2><p>更多具体详细的解释可以查看<a target="_blank" rel="noopener" href="http://www.vuln.cn/7134">邪恶的CSRF – superfish</a></p>
<p>CSRF叫跨域伪造请求，其实就是模拟用户操作，就是在A网站登录的情况下，B网站可以发起A网站发起的请求；要达成这个目的就需要解决跨域的问题；  </p>
<p>传统的ajax都有跨域的限制，但如发起get请求就很方便，以打开url的方式，jsonp的方式，请求三方资源的方式，都可以达成目的；</p>
<p>而采用原生表单的提交方式，可以发起post跨域请求；</p>

    </div>

    
    
    

    <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/XSS/" rel="tag"># XSS</a>
              <a href="/tags/CSRF/" rel="tag"># CSRF</a>
          </div>

        

          <div class="post-nav">
            <div class="post-nav-item">
                <a href="/2018/09/06/%E5%8D%95%E7%82%B9%E7%99%BB%E5%BD%95%E7%9A%84%E5%AE%9E%E7%8E%B0%E6%96%B9%E5%BC%8F/" rel="prev" title="单点登录的实现方式">
                  <i class="fa fa-chevron-left"></i> 单点登录的实现方式
                </a>
            </div>
            <div class="post-nav-item">
                <a href="/2018/09/13/%E7%BD%91%E5%9D%80%E6%9C%80%E5%90%8E%E7%9A%84%E6%96%9C%E6%9D%A0%E9%97%AE%E9%A2%98/" rel="next" title="网址最后的斜杠问题">
                  网址最后的斜杠问题 <i class="fa fa-chevron-right"></i>
                </a>
            </div>
          </div>
    </footer>
  </article>
</div>







<script>
  window.addEventListener('tabs:register', () => {
    let { activeClass } = CONFIG.comments;
    if (CONFIG.comments.storage) {
      activeClass = localStorage.getItem('comments_active') || activeClass;
    }
    if (activeClass) {
      const activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
      if (activeTab) {
        activeTab.click();
      }
    }
  });
  if (CONFIG.comments.storage) {
    window.addEventListener('tabs:click', event => {
      if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
      const commentClass = event.target.classList[1];
      localStorage.setItem('comments_active', commentClass);
    });
  }
</script>
</div>
  </main>

  <footer class="footer">
    <div class="footer-inner">


<div class="copyright">
  &copy; 
  <span itemprop="copyrightYear">2021</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">萌新</span>
</div>
  <div class="powered-by">由 <a href="https://hexo.io/" class="theme-link" rel="noopener" target="_blank">Hexo</a> & <a href="https://theme-next.js.org/muse/" class="theme-link" rel="noopener" target="_blank">NexT.Muse</a> 强力驱动
  </div>

    </div>
  </footer>

  
  <script src="https://cdn.jsdelivr.net/npm/animejs@3.2.1/lib/anime.min.js"></script>
<script src="/js/utils.js"></script><script src="/js/motion.js"></script><script src="/js/schemes/muse.js"></script><script src="/js/next-boot.js"></script>

  






  





</body>
</html>
